source: EcnlProtoTool/trunk/openssl-1.1.0e/crypto/mem_sec.c@ 331

Last change on this file since 331 was 331, checked in by coas-nagasima, 6 years ago

prototoolに関連するプロジェクトをnewlibからmuslを使うよう変更・更新
ntshellをnewlibの下位の実装から、muslのsyscallの実装に変更・更新
以下のOSSをアップデート
・mruby-1.3.0
・musl-1.1.18
・onigmo-6.1.3
・tcc-0.9.27
以下のOSSを追加
・openssl-1.1.0e
・curl-7.57.0
・zlib-1.2.11
以下のmrbgemsを追加
・iij/mruby-digest
・iij/mruby-env
・iij/mruby-errno
・iij/mruby-iijson
・iij/mruby-ipaddr
・iij/mruby-mock
・iij/mruby-require
・iij/mruby-tls-openssl
  • Property svn:eol-style set to native
  • Property svn:mime-type set to text/x-csrc
File size: 14.9 KB
Line 
1/*
2 * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/*
11 * Copyright 2004-2014, Akamai Technologies. All Rights Reserved.
12 * This file is distributed under the terms of the OpenSSL license.
13 */
14
15/*
16 * This file is in two halves. The first half implements the public API
17 * to be used by external consumers, and to be used by OpenSSL to store
18 * data in a "secure arena." The second half implements the secure arena.
19 * For details on that implementation, see below (look for uppercase
20 * "SECURE HEAP IMPLEMENTATION").
21 */
22#include <openssl/crypto.h>
23#include <e_os.h>
24
25#include <string.h>
26
27#if defined(OPENSSL_SYS_LINUX) || defined(OPENSSL_SYS_UNIX)
28//# define IMPLEMENTED
29# include <stdlib.h>
30# include <assert.h>
31# include <unistd.h>
32# include <sys/types.h>
33# include <sys/mman.h>
34# include <sys/param.h>
35# include <sys/stat.h>
36# include <fcntl.h>
37#endif
38
39#define CLEAR(p, s) OPENSSL_cleanse(p, s)
40#ifndef PAGE_SIZE
41# define PAGE_SIZE 4096
42#endif
43
44#ifdef IMPLEMENTED
45static size_t secure_mem_used;
46
47static int secure_mem_initialized;
48
49static CRYPTO_RWLOCK *sec_malloc_lock = NULL;
50
51/*
52 * These are the functions that must be implemented by a secure heap (sh).
53 */
54static int sh_init(size_t size, int minsize);
55static char *sh_malloc(size_t size);
56static void sh_free(char *ptr);
57static void sh_done(void);
58static size_t sh_actual_size(char *ptr);
59static int sh_allocated(const char *ptr);
60#endif
61
62int CRYPTO_secure_malloc_init(size_t size, int minsize)
63{
64#ifdef IMPLEMENTED
65 int ret = 0;
66
67 if (!secure_mem_initialized) {
68 sec_malloc_lock = CRYPTO_THREAD_lock_new();
69 if (sec_malloc_lock == NULL)
70 return 0;
71 ret = sh_init(size, minsize);
72 secure_mem_initialized = 1;
73 }
74
75 return ret;
76#else
77 return 0;
78#endif /* IMPLEMENTED */
79}
80
81int CRYPTO_secure_malloc_done()
82{
83#ifdef IMPLEMENTED
84 if (secure_mem_used == 0) {
85 sh_done();
86 secure_mem_initialized = 0;
87 CRYPTO_THREAD_lock_free(sec_malloc_lock);
88 return 1;
89 }
90#endif /* IMPLEMENTED */
91 return 0;
92}
93
94int CRYPTO_secure_malloc_initialized()
95{
96#ifdef IMPLEMENTED
97 return secure_mem_initialized;
98#else
99 return 0;
100#endif /* IMPLEMENTED */
101}
102
103void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
104{
105#ifdef IMPLEMENTED
106 void *ret;
107 size_t actual_size;
108
109 if (!secure_mem_initialized) {
110 return CRYPTO_malloc(num, file, line);
111 }
112 CRYPTO_THREAD_write_lock(sec_malloc_lock);
113 ret = sh_malloc(num);
114 actual_size = ret ? sh_actual_size(ret) : 0;
115 secure_mem_used += actual_size;
116 CRYPTO_THREAD_unlock(sec_malloc_lock);
117 return ret;
118#else
119 return CRYPTO_malloc(num, file, line);
120#endif /* IMPLEMENTED */
121}
122
123void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
124{
125 void *ret = CRYPTO_secure_malloc(num, file, line);
126
127 if (ret != NULL)
128 memset(ret, 0, num);
129 return ret;
130}
131
132void CRYPTO_secure_free(void *ptr, const char *file, int line)
133{
134#ifdef IMPLEMENTED
135 size_t actual_size;
136
137 if (ptr == NULL)
138 return;
139 if (!CRYPTO_secure_allocated(ptr)) {
140 CRYPTO_free(ptr, file, line);
141 return;
142 }
143 CRYPTO_THREAD_write_lock(sec_malloc_lock);
144 actual_size = sh_actual_size(ptr);
145 CLEAR(ptr, actual_size);
146 secure_mem_used -= actual_size;
147 sh_free(ptr);
148 CRYPTO_THREAD_unlock(sec_malloc_lock);
149#else
150 CRYPTO_free(ptr, file, line);
151#endif /* IMPLEMENTED */
152}
153
154int CRYPTO_secure_allocated(const void *ptr)
155{
156#ifdef IMPLEMENTED
157 int ret;
158
159 if (!secure_mem_initialized)
160 return 0;
161 CRYPTO_THREAD_write_lock(sec_malloc_lock);
162 ret = sh_allocated(ptr);
163 CRYPTO_THREAD_unlock(sec_malloc_lock);
164 return ret;
165#else
166 return 0;
167#endif /* IMPLEMENTED */
168}
169
170size_t CRYPTO_secure_used()
171{
172#ifdef IMPLEMENTED
173 return secure_mem_used;
174#else
175 return 0;
176#endif /* IMPLEMENTED */
177}
178
179size_t CRYPTO_secure_actual_size(void *ptr)
180{
181#ifdef IMPLEMENTED
182 size_t actual_size;
183
184 CRYPTO_THREAD_write_lock(sec_malloc_lock);
185 actual_size = sh_actual_size(ptr);
186 CRYPTO_THREAD_unlock(sec_malloc_lock);
187 return actual_size;
188#else
189 return 0;
190#endif
191}
192/* END OF PAGE ...
193
194 ... START OF PAGE */
195
196/*
197 * SECURE HEAP IMPLEMENTATION
198 */
199#ifdef IMPLEMENTED
200
201
202/*
203 * The implementation provided here uses a fixed-sized mmap() heap,
204 * which is locked into memory, not written to core files, and protected
205 * on either side by an unmapped page, which will catch pointer overruns
206 * (or underruns) and an attempt to read data out of the secure heap.
207 * Free'd memory is zero'd or otherwise cleansed.
208 *
209 * This is a pretty standard buddy allocator. We keep areas in a multiple
210 * of "sh.minsize" units. The freelist and bitmaps are kept separately,
211 * so all (and only) data is kept in the mmap'd heap.
212 *
213 * This code assumes eight-bit bytes. The numbers 3 and 7 are all over the
214 * place.
215 */
216
217#define ONE ((size_t)1)
218
219# define TESTBIT(t, b) (t[(b) >> 3] & (ONE << ((b) & 7)))
220# define SETBIT(t, b) (t[(b) >> 3] |= (ONE << ((b) & 7)))
221# define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(ONE << ((b) & 7))))
222
223#define WITHIN_ARENA(p) \
224 ((char*)(p) >= sh.arena && (char*)(p) < &sh.arena[sh.arena_size])
225#define WITHIN_FREELIST(p) \
226 ((char*)(p) >= (char*)sh.freelist && (char*)(p) < (char*)&sh.freelist[sh.freelist_size])
227
228
229typedef struct sh_list_st
230{
231 struct sh_list_st *next;
232 struct sh_list_st **p_next;
233} SH_LIST;
234
235typedef struct sh_st
236{
237 char* map_result;
238 size_t map_size;
239 char *arena;
240 size_t arena_size;
241 char **freelist;
242 ossl_ssize_t freelist_size;
243 size_t minsize;
244 unsigned char *bittable;
245 unsigned char *bitmalloc;
246 size_t bittable_size; /* size in bits */
247} SH;
248
249static SH sh;
250
251static size_t sh_getlist(char *ptr)
252{
253 ossl_ssize_t list = sh.freelist_size - 1;
254 size_t bit = (sh.arena_size + ptr - sh.arena) / sh.minsize;
255
256 for (; bit; bit >>= 1, list--) {
257 if (TESTBIT(sh.bittable, bit))
258 break;
259 OPENSSL_assert((bit & 1) == 0);
260 }
261
262 return list;
263}
264
265
266static int sh_testbit(char *ptr, int list, unsigned char *table)
267{
268 size_t bit;
269
270 OPENSSL_assert(list >= 0 && list < sh.freelist_size);
271 OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
272 bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
273 OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
274 return TESTBIT(table, bit);
275}
276
277static void sh_clearbit(char *ptr, int list, unsigned char *table)
278{
279 size_t bit;
280
281 OPENSSL_assert(list >= 0 && list < sh.freelist_size);
282 OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
283 bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
284 OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
285 OPENSSL_assert(TESTBIT(table, bit));
286 CLEARBIT(table, bit);
287}
288
289static void sh_setbit(char *ptr, int list, unsigned char *table)
290{
291 size_t bit;
292
293 OPENSSL_assert(list >= 0 && list < sh.freelist_size);
294 OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
295 bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
296 OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
297 OPENSSL_assert(!TESTBIT(table, bit));
298 SETBIT(table, bit);
299}
300
301static void sh_add_to_list(char **list, char *ptr)
302{
303 SH_LIST *temp;
304
305 OPENSSL_assert(WITHIN_FREELIST(list));
306 OPENSSL_assert(WITHIN_ARENA(ptr));
307
308 temp = (SH_LIST *)ptr;
309 temp->next = *(SH_LIST **)list;
310 OPENSSL_assert(temp->next == NULL || WITHIN_ARENA(temp->next));
311 temp->p_next = (SH_LIST **)list;
312
313 if (temp->next != NULL) {
314 OPENSSL_assert((char **)temp->next->p_next == list);
315 temp->next->p_next = &(temp->next);
316 }
317
318 *list = ptr;
319}
320
321static void sh_remove_from_list(char *ptr)
322{
323 SH_LIST *temp, *temp2;
324
325 temp = (SH_LIST *)ptr;
326 if (temp->next != NULL)
327 temp->next->p_next = temp->p_next;
328 *temp->p_next = temp->next;
329 if (temp->next == NULL)
330 return;
331
332 temp2 = temp->next;
333 OPENSSL_assert(WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next));
334}
335
336
337static int sh_init(size_t size, int minsize)
338{
339 int i, ret;
340 size_t pgsize;
341 size_t aligned;
342
343 memset(&sh, 0, sizeof sh);
344
345 /* make sure size and minsize are powers of 2 */
346 OPENSSL_assert(size > 0);
347 OPENSSL_assert((size & (size - 1)) == 0);
348 OPENSSL_assert(minsize > 0);
349 OPENSSL_assert((minsize & (minsize - 1)) == 0);
350 if (size <= 0 || (size & (size - 1)) != 0)
351 goto err;
352 if (minsize <= 0 || (minsize & (minsize - 1)) != 0)
353 goto err;
354
355 sh.arena_size = size;
356 sh.minsize = minsize;
357 sh.bittable_size = (sh.arena_size / sh.minsize) * 2;
358
359 /* Prevent allocations of size 0 later on */
360 if (sh.bittable_size >> 3 == 0)
361 goto err;
362
363 sh.freelist_size = -1;
364 for (i = sh.bittable_size; i; i >>= 1)
365 sh.freelist_size++;
366
367 sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof (char *));
368 OPENSSL_assert(sh.freelist != NULL);
369 if (sh.freelist == NULL)
370 goto err;
371
372 sh.bittable = OPENSSL_zalloc(sh.bittable_size >> 3);
373 OPENSSL_assert(sh.bittable != NULL);
374 if (sh.bittable == NULL)
375 goto err;
376
377 sh.bitmalloc = OPENSSL_zalloc(sh.bittable_size >> 3);
378 OPENSSL_assert(sh.bitmalloc != NULL);
379 if (sh.bitmalloc == NULL)
380 goto err;
381
382 /* Allocate space for heap, and two extra pages as guards */
383#if defined(_SC_PAGE_SIZE) || defined (_SC_PAGESIZE)
384 {
385# if defined(_SC_PAGE_SIZE)
386 long tmppgsize = sysconf(_SC_PAGE_SIZE);
387# else
388 long tmppgsize = sysconf(_SC_PAGESIZE);
389# endif
390 if (tmppgsize < 1)
391 pgsize = PAGE_SIZE;
392 else
393 pgsize = (size_t)tmppgsize;
394 }
395#else
396 pgsize = PAGE_SIZE;
397#endif
398 sh.map_size = pgsize + sh.arena_size + pgsize;
399 if (1) {
400#ifdef MAP_ANON
401 sh.map_result = mmap(NULL, sh.map_size,
402 PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, -1, 0);
403 } else {
404#endif
405 int fd;
406
407 sh.map_result = MAP_FAILED;
408 if ((fd = open("/dev/zero", O_RDWR)) >= 0) {
409 sh.map_result = mmap(NULL, sh.map_size,
410 PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0);
411 close(fd);
412 }
413 }
414 OPENSSL_assert(sh.map_result != MAP_FAILED);
415 if (sh.map_result == MAP_FAILED)
416 goto err;
417 sh.arena = (char *)(sh.map_result + pgsize);
418 sh_setbit(sh.arena, 0, sh.bittable);
419 sh_add_to_list(&sh.freelist[0], sh.arena);
420
421 /* Now try to add guard pages and lock into memory. */
422 ret = 1;
423
424 /* Starting guard is already aligned from mmap. */
425 if (mprotect(sh.map_result, pgsize, PROT_NONE) < 0)
426 ret = 2;
427
428 /* Ending guard page - need to round up to page boundary */
429 aligned = (pgsize + sh.arena_size + (pgsize - 1)) & ~(pgsize - 1);
430 if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0)
431 ret = 2;
432
433 if (mlock(sh.arena, sh.arena_size) < 0)
434 ret = 2;
435#ifdef MADV_DONTDUMP
436 if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0)
437 ret = 2;
438#endif
439
440 return ret;
441
442 err:
443 sh_done();
444 return 0;
445}
446
447static void sh_done()
448{
449 OPENSSL_free(sh.freelist);
450 OPENSSL_free(sh.bittable);
451 OPENSSL_free(sh.bitmalloc);
452 if (sh.map_result != NULL && sh.map_size)
453 munmap(sh.map_result, sh.map_size);
454 memset(&sh, 0, sizeof sh);
455}
456
457static int sh_allocated(const char *ptr)
458{
459 return WITHIN_ARENA(ptr) ? 1 : 0;
460}
461
462static char *sh_find_my_buddy(char *ptr, int list)
463{
464 size_t bit;
465 char *chunk = NULL;
466
467 bit = (ONE << list) + (ptr - sh.arena) / (sh.arena_size >> list);
468 bit ^= 1;
469
470 if (TESTBIT(sh.bittable, bit) && !TESTBIT(sh.bitmalloc, bit))
471 chunk = sh.arena + ((bit & ((ONE << list) - 1)) * (sh.arena_size >> list));
472
473 return chunk;
474}
475
476static char *sh_malloc(size_t size)
477{
478 ossl_ssize_t list, slist;
479 size_t i;
480 char *chunk;
481
482 list = sh.freelist_size - 1;
483 for (i = sh.minsize; i < size; i <<= 1)
484 list--;
485 if (list < 0)
486 return NULL;
487
488 /* try to find a larger entry to split */
489 for (slist = list; slist >= 0; slist--)
490 if (sh.freelist[slist] != NULL)
491 break;
492 if (slist < 0)
493 return NULL;
494
495 /* split larger entry */
496 while (slist != list) {
497 char *temp = sh.freelist[slist];
498
499 /* remove from bigger list */
500 OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
501 sh_clearbit(temp, slist, sh.bittable);
502 sh_remove_from_list(temp);
503 OPENSSL_assert(temp != sh.freelist[slist]);
504
505 /* done with bigger list */
506 slist++;
507
508 /* add to smaller list */
509 OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
510 sh_setbit(temp, slist, sh.bittable);
511 sh_add_to_list(&sh.freelist[slist], temp);
512 OPENSSL_assert(sh.freelist[slist] == temp);
513
514 /* split in 2 */
515 temp += sh.arena_size >> slist;
516 OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
517 sh_setbit(temp, slist, sh.bittable);
518 sh_add_to_list(&sh.freelist[slist], temp);
519 OPENSSL_assert(sh.freelist[slist] == temp);
520
521 OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist));
522 }
523
524 /* peel off memory to hand back */
525 chunk = sh.freelist[list];
526 OPENSSL_assert(sh_testbit(chunk, list, sh.bittable));
527 sh_setbit(chunk, list, sh.bitmalloc);
528 sh_remove_from_list(chunk);
529
530 OPENSSL_assert(WITHIN_ARENA(chunk));
531
532 return chunk;
533}
534
535static void sh_free(char *ptr)
536{
537 size_t list;
538 char *buddy;
539
540 if (ptr == NULL)
541 return;
542 OPENSSL_assert(WITHIN_ARENA(ptr));
543 if (!WITHIN_ARENA(ptr))
544 return;
545
546 list = sh_getlist(ptr);
547 OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
548 sh_clearbit(ptr, list, sh.bitmalloc);
549 sh_add_to_list(&sh.freelist[list], ptr);
550
551 /* Try to coalesce two adjacent free areas. */
552 while ((buddy = sh_find_my_buddy(ptr, list)) != NULL) {
553 OPENSSL_assert(ptr == sh_find_my_buddy(buddy, list));
554 OPENSSL_assert(ptr != NULL);
555 OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
556 sh_clearbit(ptr, list, sh.bittable);
557 sh_remove_from_list(ptr);
558 OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
559 sh_clearbit(buddy, list, sh.bittable);
560 sh_remove_from_list(buddy);
561
562 list--;
563
564 if (ptr > buddy)
565 ptr = buddy;
566
567 OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
568 sh_setbit(ptr, list, sh.bittable);
569 sh_add_to_list(&sh.freelist[list], ptr);
570 OPENSSL_assert(sh.freelist[list] == ptr);
571 }
572}
573
574static size_t sh_actual_size(char *ptr)
575{
576 int list;
577
578 OPENSSL_assert(WITHIN_ARENA(ptr));
579 if (!WITHIN_ARENA(ptr))
580 return 0;
581 list = sh_getlist(ptr);
582 OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
583 return sh.arena_size / (ONE << list);
584}
585#endif /* IMPLEMENTED */
Note: See TracBrowser for help on using the repository browser.